Computer systems face a threat of attack by malicious computer code, such as worms, viruses and Trojan horses. As used herein, “malicious computer code” is any code that enters a computer without an authorized user's knowledge and/or without an authorized user's consent.
Some current antivirus protection systems are configured so that an anti-virus scan can be performed when an application modifies and then closes a file. Such an anti-virus scan is performed in the context of the thread performing the closing of the file, thus blocking the closing thread from performing other activities until this scan is completed. In the meantime, other activities involving this file, such as a request to open the file, are also prevented until the scan is completed. Waiting for this scan to complete can be a very time-consuming process, particularly when the scan is being conducted on a container file that must be decomposed into parts, each of which need to be scanned separately. While the scan is occurring, the thread closing the file can appear to be unresponsive. The system can be configured to permit access of the file before the scan is complete, making the application appear more responsive, but there is a risk that malicious code may be accessed before it is repaired. There is currently no method for freeing the closing thread so that it can perform other tasks while the scan is occurring, without compromising the security of the system.
Similarly, some current anti-virus protection systems are configured to perform a scan when an application opens a file. Such an anti-virus scan is performed in the context of the thread performing the opening of the file, thus blocking the opening thread from performing other activities until this scan is completed and also preventing other activities involving this file until the scan is completed. While the scan is occurring, the thread opening the file can appear to be unresponsive. There is currently no method for releasing the opening thread so that it can perform other tasks while the scan is occurring, without comprising the security of the system.
What is needed are methods, computer readable media and systems that perform semi-synchronous scanning of files with minimum performance impact on threads closing or opening files.